2 files changed, 28 insertions, 1 deletions
diff --git a/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt/CVE-2019-17362.patch b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt/CVE-2019-17362.patch
new file mode 100644
index 0000000000..8b7348a11f
--- /dev/null
+++ b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt/CVE-2019-17362.patch
@@ -0,0 +1,25 @@
+From 25c26a3b7a9ad8192ccc923e15cf62bf0108ef94 Mon Sep 17 00:00:00 2001
+From: werew <werew@ret2libc.com>
+Date: Thu, 3 Oct 2019 19:57:10 +0200
+Subject: [PATCH] Fixes #507
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+Upstream-Status: Backport [https://github.com/libtom/libtomcrypt/commit/64d1153e5a515740ab56f39c46baf4cf6991a9d3]
+ src/pk/asn1/der/utf8/der_decode_utf8_string.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/pk/asn1/der/utf8/der_decode_utf8_string.c b/src/pk/asn1/der/utf8/der_decode_utf8_string.c
+index 94555b99f..d3ed82bea 100644
+--- a/src/pk/asn1/der/utf8/der_decode_utf8_string.c
+++ b/src/pk/asn1/der/utf8/der_decode_utf8_string.c
+@@ -65,7 +65,7 @@ int der_decode_utf8_string(const unsigned char *in,  unsigned long inlen,
+       /* count number of bytes */
+       for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF);
+ 
+-      if (z > 4 || (x + (z - 1) > inlen)) {
+      if (z == 1 || z > 4 || (x + (z - 1) > inlen)) {
+          return CRYPT_INVALID_PACKET;
+       }
+ 
diff --git a/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb
index b144338921..8b73cdda85 100644
--- a/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb
+++ b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb
@@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=71baacc459522324ef3e2b9e052e8180"
 DEPENDS += "libtool-cross"
-SRC_URI = "git://github.com/libtom/libtomcrypt.git;protocol=https;branch=master"
+SRC_URI = "git://github.com/libtom/libtomcrypt.git;protocol=https;branch=master \
+   file://CVE-2019-17362.patch \
+"
 SRCREV = "7e7eb695d581782f04b24dc444cbfde86af59853"

diff --git a/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt/CVE-2019-17362.patch b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt/CVE-2019-17362.patch new file mode 100644 index 0000000000..8b7348a11f --- /dev/null +++ b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt/CVE-2019-17362.patch
@@ -0,0 +1,25 @@
		1	From 25c26a3b7a9ad8192ccc923e15cf62bf0108ef94 Mon Sep 17 00:00:00 2001
		2	From: werew <werew@ret2libc.com>
		3	Date: Thu, 3 Oct 2019 19:57:10 +0200
		4	Subject: [PATCH] Fixes #507
		5
		6	Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
		7	---
		8	Upstream-Status: Backport [https://github.com/libtom/libtomcrypt/commit/64d1153e5a515740ab56f39c46baf4cf6991a9d3]
		9
		10	src/pk/asn1/der/utf8/der_decode_utf8_string.c \| 2 +-
		11	1 file changed, 1 insertion(+), 1 deletion(-)
		12
		13	diff --git a/src/pk/asn1/der/utf8/der_decode_utf8_string.c b/src/pk/asn1/der/utf8/der_decode_utf8_string.c
		14	index 94555b99f..d3ed82bea 100644
		15	--- a/src/pk/asn1/der/utf8/der_decode_utf8_string.c
		16	+++ b/src/pk/asn1/der/utf8/der_decode_utf8_string.c
		17	@@ -65,7 +65,7 @@ int der_decode_utf8_string(const unsigned char *in, unsigned long inlen,
		18	/* count number of bytes */
		19	for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF);
		20
		21	- if (z > 4 \|\| (x + (z - 1) > inlen)) {
		22	+ if (z == 1 \|\| z > 4 \|\| (x + (z - 1) > inlen)) {
		23	return CRYPT_INVALID_PACKET;
		24	}
		25


diff --git a/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb index b144338921..8b73cdda85 100644 --- a/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb +++ b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb
@@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=71baacc459522324ef3e2b9e052e8180"
6		6
7	DEPENDS += "libtool-cross"	7	DEPENDS += "libtool-cross"
8		8
9	SRC_URI = "git://github.com/libtom/libtomcrypt.git;protocol=https;branch=master"	9	SRC_URI = "git://github.com/libtom/libtomcrypt.git;protocol=https;branch=master \
		10	file://CVE-2019-17362.patch \
		11	"
10		12
11	SRCREV = "7e7eb695d581782f04b24dc444cbfde86af59853"	13	SRCREV = "7e7eb695d581782f04b24dc444cbfde86af59853"
12		14